MCQs on Security and Compliance | AWS Amazon EMR Questions Multiple Choice
AWS Amazon Elastic MapReduce (EMR) simplifies big data processing on the cloud while ensuring security and compliance. In this chapter, we cover topics like Identity and Access Management (IAM), encryption techniques, Virtual Private Clouds (VPCs), and fine-grained access control to help secure your Amazon EMR clusters. Test your knowledge with these targeted MCQs.
AWS Amazon EMR MCQs – Security and Compliance
Section 1: Identity and Access Management (IAM)
- What is the role of an IAM policy in Amazon EMR security?
a) Automates EC2 instance scaling
b) Defines permissions for accessing AWS resources
c) Manages Hadoop cluster configurations
d) Encrypts data stored on EBS volumes - Which AWS feature can enforce access control for Amazon EMR clusters?
a) Elastic Load Balancer
b) Security Groups
c) IAM Roles and Policies
d) Auto Scaling Groups - What is the best practice when assigning IAM roles to an Amazon EMR cluster?
a) Assign the same role to all users
b) Use a predefined AWS root account role
c) Assign least privilege roles for specific tasks
d) Avoid assigning roles to reduce complexity - IAM roles in Amazon EMR are primarily used to:
a) Provide access to AWS resources required by the cluster
b) Encrypt data during transit
c) Enable monitoring using CloudWatch
d) Automate software updates on the cluster - How can you ensure temporary credentials are used for accessing EMR clusters?
a) Use an EC2 key pair
b) Use IAM roles with short-lived sessions
c) Enable multi-factor authentication
d) Configure VPC flow logs
Section 2: Encryption
- Which encryption method is commonly used to secure data stored in Amazon EMR?
a) Asymmetric encryption with AWS CloudHSM
b) Server-side encryption with Amazon S3-managed keys (SSE-S3)
c) SHA-256 hashing
d) Plain text storage with access logging - What is the purpose of enabling at-rest encryption in Amazon EMR?
a) Prevent unauthorized modifications to cluster configurations
b) Secure sensitive data stored on disk
c) Optimize query performance
d) Enable multi-region replication - To encrypt data in transit in Amazon EMR, you can use:
a) TLS/SSL protocols
b) IAM roles with encryption permissions
c) EBS volume encryption
d) Amazon QuickSight - Amazon EMR integrates with which service for customer-managed encryption keys?
a) AWS Secrets Manager
b) AWS Key Management Service (KMS)
c) AWS Trusted Advisor
d) Amazon Connect - What is a key advantage of using AWS KMS with Amazon EMR?
a) Reduces storage costs
b) Centralized encryption key management
c) Automatic scaling of data nodes
d) Enhanced network latency
Section 3: Virtual Private Clouds (VPCs)
- Why is it important to configure Amazon EMR within a VPC?
a) Improves data analytics speed
b) Provides isolated network environments for clusters
c) Reduces storage costs for logs
d) Simplifies IAM policy creation - How can you ensure that only specific IP ranges access an EMR cluster in a VPC?
a) Configure NACLs and security group rules
b) Use AWS Global Accelerator
c) Assign IAM roles to specific IP addresses
d) Enable public IP addressing for all instances - What is the function of a security group in an Amazon EMR VPC setup?
a) Provide encryption keys for clusters
b) Allow or deny traffic to cluster instances
c) Monitor cluster performance metrics
d) Store EMR logs securely - To restrict access to Amazon EMR endpoints, you can use:
a) AWS CloudFormation templates
b) VPC endpoint policies
c) S3 bucket policies
d) Direct Connect gateway - Which AWS feature ensures private network connectivity for Amazon EMR clusters?
a) Public IP addressing
b) NAT Gateway
c) VPC Endpoints
d) AWS Direct Connect
Section 4: Fine-Grained Access Control
- How can you implement fine-grained access control for Amazon EMR data stored in S3?
a) Use S3 bucket policies and IAM roles
b) Configure S3 lifecycle rules
c) Use CloudTrail logs for access tracking
d) Enable AWS Glue crawlers - What is the advantage of using fine-grained access control in EMR?
a) Ensures automatic cluster scaling
b) Reduces cluster processing costs
c) Limits access to sensitive data based on user roles
d) Increases log retention periods - Which tool allows detailed data access control for Amazon EMR clusters?
a) AWS Glue
b) Amazon Lake Formation
c) AWS CloudTrail
d) AWS Elastic Beanstalk - Fine-grained access control in Amazon EMR is crucial for:
a) Disaster recovery planning
b) Optimizing query performance
c) Data security and compliance requirements
d) Reducing API call latency - To enforce fine-grained access control, you should:
a) Enable network-level encryption only
b) Configure IAM policies and S3 bucket permissions
c) Disable cross-region replication for data stored in S3
d) Use default security groups for all instances
Answers
| Q No. | Answer (Option with Text) |
|---|---|
| 1 | b) Defines permissions for accessing AWS resources |
| 2 | c) IAM Roles and Policies |
| 3 | c) Assign least privilege roles for specific tasks |
| 4 | a) Provide access to AWS resources required by the cluster |
| 5 | b) Use IAM roles with short-lived sessions |
| 6 | b) Server-side encryption with Amazon S3-managed keys (SSE-S3) |
| 7 | b) Secure sensitive data stored on disk |
| 8 | a) TLS/SSL protocols |
| 9 | b) AWS Key Management Service (KMS) |
| 10 | b) Centralized encryption key management |
| 11 | b) Provides isolated network environments for clusters |
| 12 | a) Configure NACLs and security group rules |
| 13 | b) Allow or deny traffic to cluster instances |
| 14 | b) VPC endpoint policies |
| 15 | c) VPC Endpoints |
| 16 | a) Use S3 bucket policies and IAM roles |
| 17 | c) Limits access to sensitive data based on user roles |
| 18 | b) Amazon Lake Formation |
| 19 | c) Data security and compliance requirements |
| 20 | b) Configure IAM policies and S3 bucket permission |